Hello,
Your criteria's:
APPLICATION in security policy is mssql ,oracle , rpc.
Service ANY
will match all the traffic until a few packets will go thru your firewall.
First you need to understand why you are seeing Insufficient Data: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC
Then, every application has standard protocol and ports and maybe an inter-dependency.
https://applipedia.paloaltonetworks.com/
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK
In your particular case, I recommend doing at least two thinks:
replace service ANY with APPLICATION-DEFAULT
put msrpc into a separate security policy because it using dynamic ports (tcp/dynamic,udp/dynamic) and add extra criteria in that security policy (like: source IP, destination IP, source user if you can)
And try to avoid using msrpc (it's a application container) because once you allow the container, you are allowing everything from that container.
... View more